Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/i6sAwnz5eerKflNQx4TjX5VA2jI.roa
File:                     i6sAwnz5eerKflNQx4TjX5VA2jI.roa (raw, json)
Hash identifier:          O2Z7nwK3B2NNkllSZP8dsQo5Ecef8/DXbo/DC9FCiOQ=
Subject key identifier:   8B:AB:00:C2:7C:F9:79:EA:CA:7E:53:50:C7:84:E3:5F:95:40:DA:32
Certificate issuer:       /CN=d58214cfa326611e9d494135a12ce8276f0f1784
Certificate serial:       018CC2DADB4D139CD231FA7CFDB905BE3AA2
Authority key identifier: D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/i6sAwnz5eerKflNQx4TjX5VA2jI.roa
Signing time:             Mon 01 Jan 2024 02:29:32 +0000
ROA not before:           Mon 01 Jan 2024 02:29:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216423
IP address blocks:        178.219.157.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:da:db:4d:13:9c:d2:31:fa:7c:fd:b9:05:be:3a:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d58214cfa326611e9d494135a12ce8276f0f1784
        Validity
            Not Before: Jan  1 02:29:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8bab00c27cf979eaca7e5350c784e35f9540da32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d7:3d:72:dc:50:2e:86:1c:31:f5:2c:3a:e3:
                    33:46:09:60:a1:22:76:2d:e6:e0:bd:d2:1c:57:08:
                    84:27:a6:ea:1b:3a:cd:4b:1d:2c:4a:49:95:a5:9f:
                    ed:76:34:d8:79:cc:f6:2d:1a:5a:ba:68:08:47:be:
                    a1:72:e0:97:8f:44:a0:09:4b:54:91:88:aa:33:f4:
                    d0:f5:58:81:da:69:5b:77:64:af:62:20:c2:81:7f:
                    4f:26:06:af:c9:3b:d2:ba:aa:64:76:aa:38:13:7c:
                    37:95:ed:d5:18:f3:61:70:7c:5b:83:55:82:aa:ca:
                    b1:fc:4a:ca:0b:21:a4:81:6d:ed:5e:f9:a1:84:f4:
                    c9:2f:72:1e:64:c8:94:67:1d:5b:e8:f3:1e:1a:15:
                    1f:46:df:94:a5:c1:44:80:16:62:75:44:fb:ef:af:
                    c3:53:03:6b:c6:4f:55:e7:26:99:c4:a3:59:61:0c:
                    e6:65:b1:2d:c2:2e:d3:18:a5:55:15:a1:91:1f:23:
                    c7:13:67:ba:42:79:94:a7:c1:3e:c2:6f:b7:dd:15:
                    b0:ed:1e:82:81:94:0c:38:16:ba:b4:24:0b:f5:e9:
                    a8:01:d3:5c:ac:f9:c1:5d:9e:6a:8e:e3:bf:d6:8d:
                    f1:15:2f:a7:83:46:71:f2:10:b8:94:f4:ea:ff:dd:
                    6a:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:AB:00:C2:7C:F9:79:EA:CA:7E:53:50:C7:84:E3:5F:95:40:DA:32
            X509v3 Authority Key Identifier:
                keyid:D5:82:14:CF:A3:26:61:1E:9D:49:41:35:A1:2C:E8:27:6F:0F:17:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/i6sAwnz5eerKflNQx4TjX5VA2jI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/777eef-4d02-4d39-b1e4-1079d55aee91/1/1YIUz6MmYR6dSUE1oSzoJ28PF4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.219.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:ac:f4:ae:8d:7c:c8:7f:af:9b:5b:f3:80:68:7d:eb:a1:e5:
         f5:ec:57:f4:d6:da:ef:2f:07:50:3c:70:a9:9a:da:47:63:bb:
         d9:f7:63:6d:36:84:95:09:f0:25:db:a2:64:ec:ec:7b:74:ca:
         42:a1:27:13:38:6d:be:df:f1:61:b9:ba:50:5b:62:fa:c8:41:
         73:fe:49:0c:b4:a3:fb:2d:8c:fa:b8:72:52:52:05:aa:cb:ba:
         d9:f4:8e:35:b9:e0:a2:7d:0a:cb:f2:b7:e8:31:45:f0:b4:71:
         d6:7a:94:59:41:5b:85:d3:28:13:fe:69:58:9b:cb:c0:87:9c:
         fc:77:7f:0b:fd:a4:cb:0a:45:57:f1:6b:dc:fc:53:16:00:4c:
         30:3d:1a:77:35:7c:21:95:fa:79:20:2a:6e:1f:19:0b:11:05:
         00:a7:4b:12:23:b5:4c:25:f4:f6:4b:94:5e:63:78:e3:68:a3:
         75:e1:c0:64:6a:f7:13:fb:9a:1f:c1:62:80:0b:5c:c1:f2:8b:
         aa:53:e9:b8:d9:e8:26:f1:89:94:26:48:a7:c8:69:1d:c5:c3:
         dd:30:2d:27:37:ae:99:d2:fe:20:0e:4d:0a:25:c4:71:8c:6d:
         eb:ab:39:d8:2e:da:84:1f:c6:55:5c:e7:76:d5:a7:68:69:a3:
         d6:e1:b4:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzC2ttNE5zSMfp8/bkFvjqiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1ODIxNGNmYTMyNjYxMWU5ZDQ5NDEzNWExMmNlODI3NmYw
ZjE3ODQwHhcNMjQwMTAxMDIyOTMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YmFiMDBjMjdjZjk3OWVhY2E3ZTUzNTBjNzg0ZTM1Zjk1NDBkYTMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9c9ctxQLoYcMfUsOuMzRglgoSJ2
LebgvdIcVwiEJ6bqGzrNSx0sSkmVpZ/tdjTYecz2LRpaumgIR76hcuCXj0SgCUtU
kYiqM/TQ9ViB2mlbd2SvYiDCgX9PJgavyTvSuqpkdqo4E3w3le3VGPNhcHxbg1WC
qsqx/ErKCyGkgW3tXvmhhPTJL3IeZMiUZx1b6PMeGhUfRt+UpcFEgBZidUT776/D
UwNrxk9V5yaZxKNZYQzmZbEtwi7TGKVVFaGRHyPHE2e6QnmUp8E+wm+33RWw7R6C
gZQMOBa6tCQL9emoAdNcrPnBXZ5qjuO/1o3xFS+ng0Zx8hC4lPTq/91qZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIurAMJ8+Xnqyn5TUMeE41+VQNoyMB8GA1UdIwQY
MBaAFNWCFM+jJmEenUlBNaEs6CdvDxeEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQt
MTA3OWQ1NWFlZTkxLzEvaTZzQXduejVlZXJLZmxOUXg0VGpYNVZBMmpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi83NzdlZWYtNGQwMi00ZDM5LWIxZTQtMTA3OWQ1NWFlZTkx
LzEvMVlJVXo2TW1ZUjZkU1VFMW9Tem9KMjhQRjRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstudMA0G
CSqGSIb3DQEBCwUAA4IBAQB4rPSujXzIf6+bW/OAaH3roeX17Ff01trvLwdQPHCp
mtpHY7vZ92NtNoSVCfAl26Jk7Ox7dMpCoScTOG2+3/FhubpQW2L6yEFz/kkMtKP7
LYz6uHJSUgWqy7rZ9I41ueCifQrL8rfoMUXwtHHWepRZQVuF0ygT/mlYm8vAh5z8
d38L/aTLCkVX8Wvc/FMWAEwwPRp3NXwhlfp5ICpuHxkLEQUAp0sSI7VMJfT2S5Re
Y3jjaKN14cBkavcT+5ofwWKAC1zB8ouqU+m42egm8YmUJkinyGkdxcPdMC0nN66Z
0v4gDk0KJcRxjG3rqznYLtqEH8ZVXOd21adoaaPW4bSk
-----END CERTIFICATE-----